International Telecommunication Union ITU-T Activities on Security Greg Jones ITU Telecommunication Standardization Sector (ITU-T) greg.jones@itu.int ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Study Groups o o ITU-T SG 2 SG 3 o o o o SG SG SG SG 4 5 6 9 o o o o o o o o SG 11 SG 12 SG 13 SG 15 SG 16 SG17 SSG TSAG 25 June 2002 Operational aspects of service provision, networks and performance Tariff and accounting principles including related telecommunications economic and policy issues Telecommunication management, including TMN Protection against electromagnetic environment effects Outside plant Integrated broadband cable networks and television and sound transmission Signalling requirements and protocols End-to-end transmission performance of networks and terminals Multi-protocol and IP-based networks and their internetworking Optical and other transport networks Multimedia services, systems and terminals Data networks and software for Telecommunication Special Study Group "IMT-2000 and beyond" Telecommunication Standardization Advisory Group ITU-T Seminar – Lisbon, 25 June 2002 2 Lead Study Groups ITU-T o o o o o o SG 2 SG 4 SG 9 SG 11 SG 12 SG 13 o SG 15 o SG 16 o SG17 o SSG 25 June 2002 Service definition, numbering and routing TMN Integrated broadband cable and television networks Intelligent networks Quality of Service and performance IP related matters, B-ISDN, Global Information Infrastructure and satellite matters Access network transport and optical technology Multimedia services, systems and terminals and on e-business and e-commerce Communication system security, frame relay, languages and description techniques IMT 2000 and beyond and for mobility ITU-T Seminar – Lisbon, 25 June 2002 3 ITU-T 25 June 2002 Communication system security o WTSA & TSAG • Request to all study groups to coordinate on telecommunication reliability and security o SG 17 – Coordination of ITU-T security studies • X.509, X.842, X.843 o SG 16 – Multimedia services • ETS – Emergency Telecommunication Services o SG 13 – Network reliability • Network requirements and capabilities to support emergency services o SG 2 – Service aspects • Security requirements and incident handling ITU-T Seminar – Lisbon, 25 June 2002 4 ITU-T SG 17 security focus ITU-T o Authentication (X.509/X.842/X.843) • Public Key Infrastructure o Security Management • Risk assessment, identification of assets and implementation characteristics o Telebiometrics • Telebiometric methods, devices and solutions for security purposes o Mobile Security • For low power, small memory size and small display devices 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 5 Key studies in ITU-T SG 16 ITU-T o Question G - “Multimedia Security” o Secure H.323-based IP Telephony o H.235 and associated security profiles o H.248 Media Gateway Decomposition Security o Secure H.320 Audio/Video and T.120 Data Conferencing o Emergency Telecommunications Services 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 6 Key studies in ITU-T SG 9 ITU-T o IPCablecom project • Interactive services over cable TV networks using IP protocol • ITU-T Rec. J.170 IPCablecom security specification • Types of threat in IPCablecom: • • • • 25 June 2002 Network attacks Theft of service Eavesdropping Denial of Service ITU-T Seminar – Lisbon, 25 June 2002 7 Other studies in SG 2 and 13 ITU-T o Draft new ITU-T Rec. E.sec.1 (SG 2) • Telecommunication networks security requirements o Draft new ITU-T Rec. E.sec.2 (SG 2) • Incident Organisation and Security Incident Handling (Guidelines) • Guidelines on threats and countermeasures o Draft new ITU-T Rec. Y.roec (SG 13) • Network reliability 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 8 Special Projects ITU-T 25 June 2002 o o o o o o o o o o o o o o o IMT-2000 Network Aspects (SSG) Call Back (SG 3) Accounting Rate Reform (SG 3) TMN (SG 4) IP Cablecom (SG 9) Quality of service and performance (SG 12) IP (SG 13) Global Information Infrastructure (SG 13) Access Networks (SG 15) Optical Networks (SG 15) Mediacom 2004 (SG 16) JVT – Joint Video Team (SG 16) E-commerce and E-business (SG 16) ASN.1 & Language coordination (SG 17) Communication system security (SG 17) ITU-T Seminar – Lisbon, 25 June 2002 9 Key products ITU-T o Catalogue of ITU-T security Recommendations • (see www.itu.int/itudoc/itut/com17/activity/cat003_ww9.doc) o Compendium of security terms • (see www.itu.int/itudoc/itut/com17/activity/def003.html) 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 10 security definitions ITU-T (See itu.int/ITU-T/studygroups/com17/cssecurity.html) o Example: Definitions of public-key • 3.3.43/X.509 • (In a public key cryptosystem) that key of a user’s key pair which is publicly known. • 3.3.11/X.810 • A key that is used with an asymmetric cryptographic algorithm and that can be made publicly available. 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 11 ITU-T Recommendations related to communication systems security (See itu.int/ITU-T/studygroups/com17/cssecurity.html) o Example: ITU-T Rec. X.509 • Information technology - Open Systems Interconnection - The directory: Public-key and attribute certificate frameworks (03/00 – version 4) • This Recommendation defines a framework for public-key certificates and attribute certificates… • Uses Abstract Syntax Notation 1 (ASN.1) 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 12 ITU-T publications ITU-T o Recommendations o WTSA Resolutions o Appendices o Supplements o Handbooks o Directives o ITU Operational Bulletin 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 13 ITU-T Worshops and seminars planned o IPv6 Geneva, 6 May 2002 o Security Seoul, Republic of Korea, 13-14 May 2002 o IMT-2000 and Systems Beyond Ottawa, Canada, 28 May 2002 o IP/Optical Chitose, Japan, 9-11 July 2002 o Workshop on Use of Description Techniques Geneva, 23 November 2002 o Role of Satellites in IP-based and Multimedia Networks and Services Geneva, 9-11 December 2002 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 14 Seoul, May 2002 ITU-T o ITU-T Workshop on Security 13-14 May 2002 o Security World Expo 2002 15-18 May 2002 (www.secuexpo.com) o ITU workshop - Creating trust in critical network Infrastructures 20-22 May 2002 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 15 Cooperation ITU-T o o o o A.4 – Communication with forums/consortia A.5 – Organizations qualified for referencing A.6 – Communication with SDOs MoUs • MoU ICANN Protocol Supporting Organization, 14 July 1999 • MoU between IEC, ISO, ITU and UN/ECE Concerning Standardization in the Field of Electronic Business, 24 March 2000 • MoU between ITU and ETSI, 14 June 2000 o Informal Forum summit o “ITU-T and Forums” web page 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 16 Security collaboration ITU-T o ISO/IEC JTC1 SC 6 & SC 27 o IETF o OASIS 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 17 Freely accessible web resources ITU-T o ITU-T patent database o International numbering resources o A.4, A.5 and A.6 recognized o o o o 25 June 2002 organizations Terms and definitions List of ITU-T Recommendations ITU-T Work programme ASN.1 module database – new ITU-T Seminar – Lisbon, 25 June 2002 18 ITU-T Databases on ITU-T website ITU-T o o o o o o o ASN.1 Module Database ITU-T Patents Database International Numbering Resources Recognized SDOs for Recs. A.4, A.5 & A.6 Terms & Definitions Database List of ITU-T Recommendations ITU-T Work Programme Database • ITU-T Work Programme Database Search • Standardization Areas, Domains and their Codes 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 19 ITU-T Ensuring global interoperability o Quality of Service (QOS) o Numbering and routing o Communication Systems Security o Tariffs and Accounting rates o Interworking 25 June 2002 ITU-T Seminar – Lisbon, 25 June 2002 20 International Telecommunication Union Thank You! ITU-T Contacts: ITU-T Communication & promotion: Greg Jones - greg.jones@itu.int Vladimir Androuchko - vladimir.androuchko@itu.int ITU-T Study Group 17 Secretariat: Georges Sebek – sebek@itu.int ITU-T Seminar – Lisbon, 25 June 2002